AUDIT OF THE AWARD AND ADMINISTRATION OF DIRM SERVICE CONTRACTS

Audit Report No. 99-041
September 30, 1999

OFFICE OF AUDITS
OFFICE OF INSPECTOR GENERAL

TABLE OF CONTENTS

BACKGROUND

OBJECTIVES, SCOPE, AND METHODOLOGY

RESULTS OF AUDIT

IMPROVING CONTROLS RELATING TO DIRM SERVICE CONTRACTS

Improving Contract Statements of Work
       Recommendation

Policies and Procedures Regarding Contract Modifications
       Recommendation

Monitoring Procurements Approved by the Board of Directors
       Recommendation

Opportunities to Improve the Usefulness of Management Information
       Recommendations

Security Measures for Contractor Employees
       Recommendation

NEED TO ENHANCE PROCUREMENT POLICIES AND PROCEDURES

Identification of Firms Solicited
       Recommendation

Need to Expand the Amount of Time Allowed for Bid Preparation
       Recommendation

Improving the Competitive Process
       Recommendation

Separation of Responsibilities
       Recommendations

CORPORATION COMMENTS AND OIG EVALUATION
APPENDIX I – MEMORANDUM: CORPORATION COMMENTS

APPENDIX II – TABLE: MANAGEMENT RESPONSES TO RECOMMENDATIONS

Federal Deposit Insurance Corporation
Washington, D.C. 20434

Office of Audits
Office of Inspector General

DATE:           September 30, 1999

MEMORANDUM TO:  Donald C. Demitros, Director
                Division of Information Resources Management and
                Chief Information Officer

                Arleas Upton Kea, Director
                Division of Administration

FROM:           Steven A. Switzer
                Deputy Inspector General

SUBJECT:        Report Entitled Audit of the Award and Administration of DIRM
                Service Contracts (Audit Report No. 99-041)

The Federal Deposit Insurance Corporation (FDIC) Office of Inspector General (OIG) has completed an audit of the award and administration of DIRM service contracts. The objectives were to evaluate procurement and oversight management practices relating to DIRM’s service contracts. Our review focused on DIRM service contracts because of the increasingly significant investment that FDIC has made in the use of these resources over the past several years. As of October 19, 1998, the value of open DIRM service contracts totaled over $352 million. This report discusses opportunities for improving internal controls and procurement practices regarding contract solicitation, award, and oversight management.
The report also discusses opportunities to improve Statements of Work (SOW) that are included in contracts and corporate practices relative to background checks for contract employees. This report contains eleven recommendations for improvements, all of which are directed jointly or separately to the Directors of DIRM and the Division of Administration (DOA).

BACKGROUND

One of DIRM’s primary responsibilities is to develop and maintain an Information Technology (IT) program that is responsive to the Corporation’s business needs and long term strategies. IT program activities include the development, operation, enhancement and maintenance of FDIC’s automated information systems. Effective and efficient acquisition of IT resources is critical to the success of the FDIC’s IT program. DIRM has the authority and responsibility for coordinating the acquisition of IT resources and for the oversight of IT-related contracts. These resources include Personal Computer (PC)/Local Area Network (LAN) equipment, packaged software and maintenance, data center management, development of new application systems, maintenance of existing application systems, and FDIC’s technical infrastructure.

Prior to the merger of the Resolution Trust Corporation (RTC) and the FDIC in 1996, FDIC’s information resources management function relied, to a large extent, on FDIC employees to satisfy the Corporation’s IT needs. Conversely, the RTC relied on the use of contractors to address IT requirements. Since its merger with the RTC, the FDIC has placed increasingly greater reliance on contractors to satisfy the Corporation’s IT requirements.

Between January 1, 1996 and December 31, 1998, FDIC paid over $283 million to DIRM service contractors. This figure is exclusive of payments related to the acquisition of IT goods, including hardware and commercial off-the-shelf software products.
Expenditures to DIRM service contractors have increased significantly over the past three years. Payments to DIRM service contractors were $74 million in 1996, $90 million in 1997, and over $118 million in 1998.

DOA’s Acquisition and Corporate Services Branch (ACSB) is responsible for soliciting and awarding DIRM service contracts. In 1997, ACSB began to streamline the procurement process for the acquisition of professional services to support FDIC’s IT requirements. DOA began using contractors registered under the General Services Administration’s (GSA) Federal Supply Service IT Multiple Award Schedule (MAS) program. The GSA’s IT MAS program provides Federal agencies with a simplified process for obtaining commonly used commercial supplies and services at prices associated with volume buying.

The GSA’s IT MAS program establishes indefinite delivery contracts with commercial firms to provide supplies and services at stated prices for given periods of time. All Federal agencies are allowed to use GSA’s IT MAS program. Ordering offices issue delivery orders directly with the schedule contractors for the required supplies and services. The GSA’s IT MAS program is considered streamlined because of the reduced amount of time that is needed by agencies to acquire the goods and services available through established MAS contracts.

In addition to the reduced time to complete the procurement process, orders placed with MAS contractors are considered to satisfy the requirement for full and open competition, required through the Federal Acquisition Regulations (FAR).
In fact, GSA regulations do not require agencies placing orders under GSA’s MAS contracts to seek further competition, synopsize the requirement, make a separate determination of fair and reasonable pricing, or consider small business set-asides.

The procedures followed for placing orders against the GSA’s MAS contracts are dependent on the amount of the award. For example, ordering offices can place orders directly with any MAS contractor when the value of the award is equal to or below the micro-purchase threshold ($2,500). When the value of the order is greater than the micro-purchase threshold, but does not exceed the maximum order threshold, GSA requires the order to be placed with the schedule contractor that provides the best value. The maximum order threshold is generally not greater than $500,000 and can be less. Ordering agencies can determine best value by reviewing catalogs/pricelists of at least three schedule contractors.

When the value of an order exceeds the maximum order threshold of a MAS contract, the ordering agency must determine the best value and request price reductions. The maximum order threshold is established for each MAS contract and represents the point where it is advantageous for the ordering office to seek a price reduction because of the quantity of services requested. After price reductions have been sought, the agency can place the order with the schedule contractor that provides the best value and results in the lowest overall cost alternative, even if contractors do not offer price reductions.

ACSB implemented policies that require the FDIC to satisfy requirements beyond what the FAR requires of other government agencies that use GSA’s MAS contracts. The FDIC requires a limited form of competition for FDIC MAS contracts that exceed certain dollar thresholds.
For example, FDIC contract awards to MAS contractors that are greater than $100,000 but less than the MAS maximum order threshold, require the contracting officer to actively seek the best price by performing price comparisons between at least three MAS contractors offering the required product or service. Technical evaluations of contractors can also be performed, but are optional for contracts in this category.

ACSB policy also requires written proposals from at least three contractors for requirements that exceeded the maximum order threshold. Technical evaluations of proposals are also required. FDIC’s solicitations and contacts with prospective bidders encouraged the offering of additional discounts from MAS contract prices. However, because MAS contracts are considered to satisfy competition requirements, they are not subject to all APM requirements. For example, in addition to the limited forms of competition described above, MAS contracts are not currently subject to the same solicitation periods as some other procurement actions, and proposals in response to MAS solicitations are not currently required to be evaluated by three-person Technical Evaluation Panels (TEP).

OBJECTIVES, SCOPE, AND METHODOLOGY

The objectives of this audit were to determine whether (1) DIRM service contracts were executed in accordance with FDIC policies and procedures, (2) internal controls were designed to ensure that FDIC’s requirements were satisfied in a cost-effective manner, and (3) administrative controls were designed to ensure that contractor billings were properly supported and within the scope of the contract.

To accomplish our audit objectives, we interviewed contract specialists, oversight managers (OMs), technical monitors and others involved in the contract award and administration process to discuss internal control plans, supervision, and contract monitoring.
We reviewed contract files maintained by both DIRM and DOA to assess the adequacy of file documentation, the accuracy of management information being summarized and reported, the level of supervisory review by contracting officers, and the monitoring of contractors’ performance by OMs. We performed detailed reviews of vendor invoices for accuracy and supporting documentation. We reviewed and evaluated documentation supporting the technical evaluation of contractor proposals and selection recommendation reports. We also reviewed relevant regulations, reports, and policy memorandums.

The audit was conducted in accordance with generally accepted government auditing standards. We conducted our fieldwork at DOA and DIRM headquarters offices between February 1998 and February 1999. We judgmentally selected 19 DIRM service contracts awarded between March 1997 and April 1998 that exceeded $1 million in value. The 19 contracts that we reviewed fell into three broad categories. Nine contracts, totaling $42.5 million, provided system development, enhancement, and maintenance support services (systems development life cycle (SDLC) contracts). Five contracts, totaling $39.5 million, provided operational and administration support services for FDIC’s LAN, telecommunications, and data center (operational support contracts). The remaining five contracts, valued at $14.1 million, provided software support and other services, including Year 2000 and internet/extranet support services (software support contracts).

At the time of our review, 291 DIRM service contracts were open at headquarters.
The 19 contracts selected totaled $96.2 million and represented approximately 31 percent of the $314.2 million in headquarters DIRM service contracts that were listed as open as of July 14, 1998.

We designed our selection approach to provide us with the opportunity to evaluate more current procurement practices and, therefore, excluded awards made before March 1997. In early 1997, DOA implemented a streamlined approach, using the GSA’s MAS contracts to satisfy most FDIC IT services requirements. Accordingly, 15 of the contracts that we selected for evaluation were with GSA MAS contractors. Four contracts were competitive procurements that were awarded to contractors that were not under GSA’s MAS program. Our sample included contracts for a variety of services including support for the data center, systems development, maintenance of existing systems, telecommunications and servers, and help desk functions.

RESULTS OF AUDIT

Our audit identified opportunities for FDIC to strengthen controls to help ensure that DIRM service contract requirements are satisfied in a cost-effective manner. Contract statements of work should more fully define or provide details on the tasks, requirements, and deliverables expected of the successful offerors. Additionally, task assignments after award could be used more effectively to describe the services required, deliverables, costs, and delivery dates. Better specifying the Corporation’s contracting needs would serve to lessen FDIC’s reliance on contractors to define contract requirements and deliverables through project work plans that they produce after the contract is awarded.
Other added cost controls would be for DOA to clarify its existing policy related to contract modifications that increase the value and scope of contracts after award and develop the ability to monitor expenditure authority through the FDIC’s Purchase Order System (POS) when the value of contracts varies from limits established in the APM. The Corporation also needs to better ensure that contracts are properly classified and closed out in a timely manner and that background investigation checks are performed for DIRM contractors.

The Corporation executed the 19 contracts in our sample in accordance with the policies and procedures contained in the Acquisition Policy Manual (APM) and, in the case of large, complex IT MAS contracts, even went beyond the procurement policies and procedures that other federal agencies are required to follow. However, to improve competition for acquiring large service contracts, it would be in the Corporation’s best interest to take existing controls a step further. We are suggesting ways to increase the number of bidders solicited; involve a source selection official; expand membership on TEPs; establish more reasonable timeframes for submission of bids; and seek alternative methods of encouraging Minority and Women Owned Business (MWOB) participation.
Taken together, these actions should improve competition and will better provide the control of segregation of responsibilities between the Office of Contracts and the program office during key phases of contract award and administration.

With respect to controls over contractor billings, our review of a selected invoice for each of the 19 contracts in our sample showed that invoices were properly supported and services were within the scope of the contract.

IMPROVING CONTROLS RELATING TO DIRM SERVICE CONTRACTS

FDIC’s contract statements of work and task assignments issued after contract award can be improved to more fully define the tasks, requirements, costs, delivery dates, and deliverables expected of successful offerors. Further, task assignments issued after award could be used more effectively to describe the services required, deliverables, costs, and delivery dates. By better specifying its contracting needs, the Corporation could reduce its reliance on contractors to define contract requirements and deliverables through project work plans produced after contract award. DOA can improve cost controls by clarifying its policy regarding contract modifications that increase the value and scope of contracts after award and developing the ability to monitor expenditure authority when contract amounts vary beyond limits established in the APM. The Corporation also needs to improve the accuracy of contract classifications, ensure that contracts are closed out in a timely manner, and ensure that background investigation checks are performed for DIRM contractors.

Improving Contract Statements of Work

The FDIC did not clearly define its requirements or deliverables for 13 of the 19 contracts that we reviewed. In addition, 11 of the 19 contracts contained language regarding the use of task assignments to define requirements and deliverables subsequent to contract award.
However, only two of the 11 contracts used task assignments to effectively control contractor activities. Further, the Corporation relied on its contractors to define contract requirements and deliverables through project work plans that contractors produced after contract award. The FDIC’s procurement policies and basic internal control principles are intended to ensure that the Corporation effectively defines its requirements and deliverables.

The FDIC’s APM, Section 4.E.3, places responsibility for preparing the contract SOW with the program office. According to the manual, key items to be taken into account and conveyed through the SOW include: (1) the nature of the services and the minimum standards that must be met, (2) qualifications necessary to perform the work, (3) the deliverables and the scheduled milestones for their delivery, and (4) standards by which the contractor’s performance will be measured.

The 13 contracts referenced above did not contain a clear and complete definition of the services required of the contractor, deliverables and the scheduled milestones for delivery, or standards by which the contractor’s performance would be measured. Absent those elements, it becomes more difficult for the FDIC to measure the performance of contractors. The use of task assignments could have resulted in a compensating control on contracts that did not contain an adequate definition of requirements, deliverables, and performance expectations. However, OMs’ use of task assignments did not provide the compensating controls needed for such assurance.

Eleven contracts contained language stating that work would be assigned by the OM using task assignments after contract award.
Eight of the eleven contracts stated that task assignments would include a description of the services, deliverables and dates, performance period, and a not-to-exceed cost. While seven of the eleven contracts used task assignments or System Change Requests, only two of the seven task assignments or System Change Requests clearly described services required, deliverables, delivery dates, performance period, and cost. For example, one of the more clear and definitive task assignments stated that the contractor was to “…provide a review and validation of existing FDIC application and COTS software inventories, completed application software assessments, and vendor letters used for Year 2000 compliance inquiries.” This task assignment also cited deliverables such as a Mainframe Application Source Assessment Plan with a due date of November 1, 1997 at a cost of $150,339.20. However, this level of detail was clearly lacking in the other five task assignments in our sample.

Nine of the 19 contracts we reviewed related to SDLC services. Requirements and tasks for these contracts were general, somewhat vague, and often similar. The 9 SOWs did not identify the systems that would be addressed, describe the deliverables, or provide specifics regarding priorities or timeframes.
Rather, the SOWs listed a variety of systems that could be included within the contract’s scope and a listing of SDLC products that could be included as potential deliverables.

In summary, the requirements and deliverables contained in 13 of the 19 contracts we reviewed did not provide the level of detail needed for FDIC to monitor contractor performance or to establish adequate accountability controls over the efficient and effective consumption of IT resources.

We recognize that not all user requirements can be defined in detail in advance, especially those requirements related to maintenance of existing application systems, ad hoc reporting, and LAN and telecommunications/client support services. When it is not possible to define detailed requirements and deliverables prior to solicitation and award, task assignments can be used to more effectively describe the services required, deliverables and delivery dates, performance period, and cost.

Absent clearly defined requirements and deliverables in SOWs or task assignments, the FDIC tended to rely on contractors to define its requirements. We believe this occurred, in part, because DOA did not require DIRM and program offices to prepare more detailed SOWs that included detailed requirements and deliverables. FDIC could not ensure that DIRM OMs used task assignments effectively because the Corporation had not implemented controls to ensure their effective use.

Contract OMs received periodic status reports from and met with contractors for which they had oversight responsibility. However, the status reports were brief statements on activities during the reporting periods. Some reports also contained periodic and cumulative resource consumption data. However, the status reports did not contain specific information regarding progress toward completion of the project.
The absence of such progress information, coupled with the lack of clear requirements and deliverables, reduced the FDIC’s ability to ensure accountability by the contractor and to measure performance.

The need to improve the SOW sections in DIRM service contracts was reported in a previous OIG report entitled DIRM Contracting Audit, issued during March 1995. DIRM responded to that report and agreed to take actions to more clearly define contract SOWs. DIRM also indicated that, in the future, it would return contract solicitation packages with poorly defined SOWs to the FDIC organization that requested the services, and that it would develop a course on how to write comprehensive SOWs. Although DIRM developed a training course that included coverage of SOW preparation, based on the results of our current review, additional actions appear necessary to further address these concerns.

Recommendation

We recommend that the Directors, DIRM and DOA:

(1) Improve the SOW sections in DIRM service contracts and requirements definition in task assignments to more clearly and concisely define contract deliverables, including timeframes for delivery, resources required for completion, and priorities prior to contract award or task assignment issuance.

Policies and Procedures Regarding Contract Modifications

ACSB can improve controls to limit the expansion of contracts after award. ACSB’s APM Chapter 7.H contains guidelines when modifications to contracts are necessary. Those guidelines prescribe the procedures that should be followed when making both administrative and substantive changes.
In addition, the APM requires a complete and approved justification for noncompetitive procurement if the contracting officer determines that a request for modification is not within the scope of work. However, DOA could enhance these procedures to ensure that contract modifications do not significantly expand the expenditure authority of DIRM contracts after award.

ACSB contracting officers used an informal method to determine whether to approve proposed contract modifications that expanded the value of a contract. Contracting officers compared the cumulative cost of the contract modifications to the initial contract amount and used an informal ACSB policy that limited the cumulative amount of modifications to 25 percent of the initial contract amount.

However, ACSB was not consistent in approving contract modifications. We reviewed all 291 open DIRM service contracts at headquarters and identified five contracts that contained modifications exceeding the 25 percent threshold. The five ACSB-approved modifications exceeded the original value of the contract by 29, 41, 89, 99, and 206 percent.

Contract modifications are written alterations to the contract terms and can include changes in the delivery point, rate of delivery, contract period, cost, quantity, or other provisions of an existing contract. They result from planned actions, such as an extension option, or from unforeseen changes requiring the contracting officer to issue a change order pursuant to a change of condition.

Modifications that increase the value of contracts should be used judiciously and controls should be in place to limit contract modifications that significantly increase the value of contracts after award. Such controls are important to ensure accountability over the expenditure of IT resources.
In addition, significant increases in value or scope may be more effectively addressed through a re-solicitation to ensure that the FDIC obtains the most favorable pricing and value possible. Without necessary controls, significant levels of services and related costs can be acquired without competition or assurance that the best services are acquired at the lowest costs.

Recommendation

We recommend the Director, DOA:

(2) Amend the APM to include policies and procedures that provide more detailed guidance regarding limitations over contract modifications that increase the value of a contract.

Monitoring Procurements Approved by the Board of Directors

ACSB can improve controls to track the status of expenditure authorities for multiple contracts awarded as a result of cases approved by the Board of Directors (Board). We identified one instance where ACSB’s need for improved controls contributed to contracting actions that differed from what the Board had approved.

The lack of accurate information on the status of expenditure authority granted through approved Board cases contributed to exceeding expenditure authority in March 1998 when ACSB executed contract options that exceeded the expenditure authority authorized. During our review, we provided information on this delegation exception and suggested that management implement more effective controls to ensure that the FDIC complied with expenditure limitations.

DOA needs to develop controls to ensure that the Board is notified when contract award amounts deviate from estimates that the Board relied upon in approving cases. For example, the Board approved a $26 million case that estimated the award of ten contracts spanning a period of more than three years.
DIRM provided individual estimates to the Board for each of the ten contracts with projected expenditure amounts for each year.

The APM, Section 4.I.2.e provides criteria as to when notification is required if the value of a contract award varies from the original approved expenditure authority. The policy provides for notification to the appropriate Deputy to the Chairman and the Board (if appropriate). Notification is required if the award amount exceeds approved expenditure authority by over $250,000 for procurements up to $5 million, and greater than 5 percent for procurements greater than $5 million. The policy also requires explanation when the award amount was less than the approved amount by greater than $1 million for procurements up to $10 million, and greater than 10 percent for procurements over $10 million.

The provisions of the policy provide adequate guidance for dealing with contract awards that deviate from the approved expenditure authority. However, ACSB did not have an effective methodology to alert officials when the contract award amount deviated from amounts approved by the Board. In addition, the policy cited in the APM, Section 4.I.2.e did not address the need for similar notification when modifications caused a contract to exceed the amounts approved by the Board.

DIRM and DOA stated that OMs and contracting personnel maintained informal manual records that tracked the actual award amounts to the approved Board case. However, a variety of ACSB and DIRM personnel were responsible for the multiple contracts awarded as a result of a Board case and may be unaware of restrictions or limitations imposed by the Board.

These control issues occurred, in part, due to FDIC’s practice of aggregating requirements under one Board case to allow Board members to make expenditure decisions based on estimated costs for an entire program or function.
ACSB and DIRM had packaged these multiple requirements into consolidated cases that were presented to the Board.

Improved mechanisms to track contract awards, subsequent modifications and expenditures, and their relationship to Board approvals can improve controls and reduce the opportunity for not adhering to approved expenditure limitations.

Recommendation

We recommend the Director, DOA:

(3) Develop the ability to monitor expenditure authority through the POS to ensure that proper notifications are made and approvals obtained when the value of contracts varies from the limits established in FDIC’s APM.

Opportunities to Improve the Usefulness of Management Information

ACSB needs to be able to rely on POS to accurately track the status of open and closed contracts. Our review showed, however, that POS identified contracts as open, although the contracts had expired at least 6 months earlier. In addition, DOA misclassified five DIRM service contracts, totaling $7.1 million, as contracts for goods.

As of November 3, 1997, POS identified 77 of 402 (19.1 percent) DIRM service contracts as open although the contracts had been expired for at least 6 months. Twenty of the referenced 77 contracts were listed as having payments pending. While ACSB may have valid reasons for keeping contracts open when payments are pending, we believe that 6 months provides ample time to resolve most disputes. A follow-up analysis on October 20, 1998, revealed that DOA had made an effort to close out contracts on a more timely basis. However, 33 of 338 (9.7 percent) DIRM service contracts continued to be shown as open despite expiring at least 6 months earlier. Six of the 33 had pending payments against them.

We recognize the improvement that ACSB made in closing expired contracts in POS.
However, we believe better controls and more timely action are needed to close out contracts that
have expired and that are no longer available for use. FDIC’s payment systems permit the processing
of payments against
expired contracts that have not been closed in POS if funds remain. Additionally, management reports
that are generated out of the POS would be more reliable and meaningful if expired contracts were
removed in a more timely manner. DOA management officials indicated that contracting officers did
not always close out contracts at the expiration date to allow for the processing of late billings.
However, the officials stated that contracting officials now review contracting activity reports and close
out contracts following passage of the recorded expiration date.

We also noted that a POS report misclassified five DIRM services contracts, totaling $7.1 million, as
contracts for goods. We notified the responsible DOA contracting officers and they indicated that they
would make the necessary corrections to reclassify the contracts as service contracts.

Contracts were not closed out in a more timely manner and contracts were miscoded in POS because
ACSB had not established adequate controls that monitored the status of expired contracts and other
data. A report that identified all expired contracts over 6 months old could improve ACSB’s
maintenance of information on the status of contracts.
Improved edits that restrict the use of product
service codes to either goods or services, but not both, could improve data integrity related to contract
type.

Recommendations

We recommend that the Director, DOA:

(4)     Ensure that expired contracts are closed out in POS in a more timely manner.

(5)     Implement manual or automated controls that limit the use of a product service code to either a
        contract for goods or for services.

Security Measures for Contractor Employees

To help enhance security, the FDIC can improve controls to ensure that contractor employees
meet the FDIC’s suitability standards. Many of the FDIC’s DIRM service contractor employees
perform work on sensitive or mission critical FDIC systems and were issued credentials to access
FDIC facilities. However, the FDIC did not consistently subject these individuals to a
background investigation.

The FDIC maintained a database (PEGASYS) that accounted for all contractor employees that
have been issued an FDIC access identification. Another database (OCOS-3) maintained and
recorded the results of all background investigations started or completed for contractor
employees. We compared the PEGASYS and OCOS-3 databases and identified that 1,542 of the
2,390 (65 percent) contractor employees who had been authorized to access FDIC facilities did
not have a recorded background investigation either started or completed.

We also sampled contractor employees for 12 DIRM service contractors and 2 subcontractors
from invoices that the contractors submitted for payment to determine whether FDIC had
completed or started a background investigation for these contractor employees. Fifty-one of the
88 (58 percent) contractor employees had not received a background investigation.

The provisions of 12 C.F.R.
366.2 and 366.4(a) prescribe the eligibility qualifications that
individuals must meet before they can perform work on behalf of the FDIC. Specifically, the
provisions of 12 C.F.R. 366.4(a) prescribe disqualifying conditions that if present would preclude
an individual from doing any work for the Corporation directly or through any contractor or
subcontractor it may employ.

In February 1997, the FDIC implemented a policy requiring that all contractor employees receive
a background clearance to obtain access to FDIC facilities. Contractor employees are required to
provide fingerprints and to sign the appropriate forms granting the FDIC permission to conduct a
background investigation when photographed for their access badge. Before August 1998, the
FDIC did not have adequate controls in place to ensure that contractors certified that all
employees and subcontractor employees meet FDIC’s suitability standards as defined in the
referenced statutes.

However, in August 1998, DOA amended the FDIC ELIGIBILITY REPRESENTATIONS and
CERTIFICATIONS form that contractors were required to complete before performing work for
the FDIC. These changes made it clear that all prospective contractor employees must meet
FDIC suitability standards.

To ensure effective security, it is critical that the FDIC ensures the suitability of individuals
accessing its facilities.
The importance of such assurance is increased when these individuals are
provided access and perform work on FDIC’s most critical automated systems and related data,
on-site or off.[1]

Recommendation

We recommend that the Director, DOA:

(6)      Ensure that all DIRM service contractor employees have background investigations completed
         in a timely manner.

[1] On February 5, 1999, the OIG issued an audit report entitled Audit of Food Services Contract With Aramark Services, Inc.
(Audit Report No. 99-009). This report addressed the need for background investigations for contractor employees who
accessed FDIC facilities.


NEED TO ENHANCE PROCUREMENT POLICIES AND PROCEDURES

The Corporation executed the 19 contracts in our sample in accordance with the policies and
procedures contained in the APM and, in the case of large, complex IT MAS contracts, even went
beyond the procurement policies and procedures that other federal agencies are required to
follow. However, to improve competition for acquiring large service contracts, it would be in the
Corporation’s best interest to take existing controls a step further. We are suggesting ways to
increase the numbers of bidders solicited; involve a source selection official; expand membership
on TEPs; establish more reasonable timeframes for submission of bids; and seek alternative
methods of encouraging MWOB participation. Taken together, these actions should improve
competition and will better provide the control of segregation of responsibilities between the
Office of Contracts and the program office during key phases of contract award and
administration.

Identification of Firms Solicited

ACSB did not actively participate in the selection and identification of vendors solicited for the
contracts reviewed. Rather, ACSB relied on DIRM to provide suggested lists of vendors to solicit.
By
limiting the firms solicited to only those suggested by DIRM, DOA may have contributed to a reduction
in the level of competition. The FDIC solicited four or fewer vendors for eight of the contracts
reviewed. Of the 28 firms solicited for the referenced 8 procurements, only 15 submitted bids. FDIC
received only one proposal for four of the eight procurements.

The APM states that contracting officers shall prepare a solicitation list identifying the firms to be
solicited, identified by MWOB classification, and the rationale for selection. The list shall include firms
provided by the Program Office, Office of Equal Opportunity (OEO), eligible firms from the National
Contractor System (NCS), Commerce Business Daily, and other sources, at the direction of the
contracting officer. These policies are applicable to the preparation of the solicitation list for both
formal contracting and simplified procurements. FDIC’s Contractor Performance Management System
(CPMS) is an additional source that could be used to identify firms that could be solicited. The CPMS
is used to track the performance ratings for all contracts over $50,000.

Although ACSB policy provided for using multiple sources to develop solicitation lists, ACSB typically
relied on the list provided by DIRM in their request for procurement services. Sixteen of the 19
contracts that we reviewed were awarded through the issuance of a solicitation to multiple vendors.
ACSB relied on the vendor list submitted by DIRM for 12 of the 16 procurements without change.

While the principles of competition are achieved when multiple firms are solicited, the process is
enhanced when proposals are submitted by a sufficient number of firms to permit a comparative
evaluation of technical capabilities and cost. Receipt of multiple proposals in response to solicitations
also helps FDIC ensure it is receiving the highest quality services at the lowest possible cost.
Increasing
the number of qualified firms solicited increases the opportunity for a greater response to solicitations.

Recommendation

We recommend the Director, DOA:

(7)     Ensure that policy contained in the APM relating to preparation of solicitation lists is followed
        more effectively and that the NCS and the CPMS are used to augment the sources suggested by
        the requesting program office.

Need To Expand the Amount of Time Allowed for Bid Preparation

ACSB can enhance the competitive process for major IT procurements by increasing the time for
prospective offerors to prepare and submit proposals. Because of their complexity, responses to IT
solicitations require thoughtful and innovative preparation. Increasing the time allotted for prospective
offerors to prepare and submit proposals in response to such solicitations can increase the Corporation’s
ability to procure the highest quality service at the lowest possible cost.

Sixteen of the 19 contracts reviewed were awarded through competitive procedures and the issuance of
solicitations. Eleven of the 16 solicitations allowed less than 20 calendar days for bid preparation and
submission, including time for transmission. Three of these 11 solicitations allowed less than 12 days
for bid preparation and submission.

We observed a correlation between the number of bids received and the length of time allowed for bid
submission. For example, for the five solicitations that allowed more than 20 days for bid preparation
and submission, 91 percent (21 of 23) of the firms solicited submitted proposals. Conversely, only 34
percent (11 of 62) of the solicited firms participated in the proposal process for the 11 contracts that
allowed less than 20 days for bid preparation and submission.
Further, only 23 percent (3 of 13) of the
solicited firms responded to the three solicitations that provided less than 12 days for bid preparation
and submission.

The compressed time frame allowed by ACSB for bid preparation and submission resulted, in part,
because of DOA’s desire to streamline the procurement process and provide services to users more
quickly.

Federal Acquisition Regulation (FAR) 5.203c requires agencies to allow at least a 30-day response time
for receipt of bids or proposals from the date of issuance of a solicitation, for open competitive
procurements if the contract action is expected to exceed the simplified acquisition threshold
($100,000). In addition, the FDIC’s APM, Chapter 6.C.9, requires the contracting officer to consider
the complexity of proposal preparation and allow adequate time for this purpose when using formal
contracting procedures. The APM goes on to state that normally 20 to 30 days is considered a
reasonable amount of time when formal contracting procedures are followed.
The FDIC is not bound by the FAR, and its formal contracting process is a more limited form of
competition than that referenced in the FAR.

For simplified procurements, the APM also states “Firms shall be given sufficient time to prepare a
response (usually between five (5) and ten (10) working days). More detailed requirements may require
longer proposal preparation times.” ASB had not established minimum time frames for bid submission
on large, complex MAS competitive procurements.

ACSB indicated that it was not required by GSA procedures to solicit competition. However,
ACSB implemented policies that require the FDIC to satisfy requirements that are similar but that
go beyond what the FAR requires of other Government agencies that use the GSA’s MAS
contracts.
The FDIC requires a limited form of competition for FDIC contracts that exceed
certain dollar thresholds. For example, FDIC contract awards to MAS contractors that are
greater than $100,000 but less than the MAS maximum order threshold, require the contracting
officer to actively seek the best price by performing price comparisons between at least three
MAS contractors offering the required product or service. Technical evaluations of contractors
can also be performed but they are optional for contracts in this category.

ACSB policy required written proposals from at least three contractors for requirements that exceeded
the maximum order threshold of MAS contracts. Technical evaluations of proposals were also
required. When solicitations were issued, prospective bidders were encouraged to offer additional
discounts from their MAS contract prices.

Because our audit showed that increasing the amount of time that a solicitation remains open increases
the percentage of responses that are received, the Corporation should consider establishing a minimum
timeframe for large complex procurements to encourage the greatest possible participation among the
firms solicited.
Limiting the response time for bid preparation to less than 20 days for large and
complex DIRM service contracts can discourage prospective contractors from submitting proposals and
reduces the FDIC’s ability to ensure that it receives the best value for the goods or services it acquires.
While we understand that ACSB placed significant emphasis on delivery of contracts in shorter
timeframes, we believe that increasing the response time for major IT-related solicitations would
provide the FDIC with benefits that outweigh the delays encountered.

Recommendation

We recommend that the Director, DOA:

(8)     Establish a minimum timeframe for bid preparation on large, complex MAS procurements and
        ensure that ACSB monitors the adequacy of responses obtained and adjusts the minimum
        timeframe as necessary.

Improving the Competitive Process

FDIC can better ensure the competitive process by not disclosing solicitation lists. The contracting
officer for three procurements in our sample provided bidders lists when one or more of the solicited
firms requested the information. ACSB management officials stated that they generally approved of the
release of solicitation lists as a way of encouraging MWOB firms to seek out partnering relationships
with firms that had been solicited. One section of the APM permits the offeror to be provided a copy of
the solicitation list upon request.

However, the competitive process works most effectively when prospective bidders are not aware of
the identity of their competition. Release of this information can provide bidders with the identities of
their competitors.
This knowledge can lead to an understanding of the capabilities and capacities of
their competitors that could result in reduced competition, particularly for procurements for which the
FDIC conducts a limited competition by soliciting a small number of vendors. Release of this
information can also create a potential for practices that would not be in the government’s best interests,
including collusion or price fixing.

ACSB stated that they were interested in exploring ways to increase the opportunity for MWOB firms
to participate in FDIC procurements. To that end, ACSB works with the Office of Diversity and
Economic Opportunity (ODEO) to ensure that an appropriate number of MWOB firms are included on
solicitation lists. ACSB officials also stated they were interested in exploring other methods for
encouraging MWOB firms to participate in FDIC procurements. One such method was providing
solicitation lists to MWOB firms to facilitate partnering relationships between firms solicited and
MWOB firms.

We acknowledge the benefits of increasing the participation of MWOB firms in FDIC procurements.
However, ACSB should explore, with ODEO, alternative methods for improving the opportunities for
MWOB firms to participate in FDIC procurements, such as including a list of MWOB firms to firms
solicited or referring prospective offerors to ODEO to obtain information on MWOB firms with
capabilities consistent with the nature of the service required.

Recommendation

We recommend the Director, DOA:

(9)     Explore, with ODEO, alternative methods of encouraging MWOB firms to participate in FDIC
        procurements and amend the APM to discontinue the practice of releasing bidder lists for future
        competitive procurements.

Separation of Responsibilities

A basic tenet of internal control is effective separation of responsibilities over the award and
administration of contracts.
In the case of the DIRM service contracts we reviewed, the program office
was involved in all phases of the solicitation, award, and administration of service contracts supporting
its operations. DIRM OMs prepared evaluation criteria, determined which vendors were solicited, and
chaired TEPs that were assembled to evaluate the technical qualifications of firms submitting proposals.
OMs were later responsible for managing the contractor’s performance and approving contract
deliverables and payments.

Sixteen of the 19 contracts we reviewed involved solicitations that were issued to multiple firms.
Fourteen of these solicitations resulted in responses from at least two firms. Twelve of the 14
contracts had TEPs chaired by either the DIRM OM or the technical monitor for the contract. DIRM’s
OM also performed technical evaluations independently for 4 of the referenced 12 contracts.

DIRM’s level of involvement in the award and administration of service contracts occurred because
DOA officials did not believe that DOA possessed the technical expertise to question DIRM on
technical matters. DOA intentionally allowed the DIRM’s OMs to influence all phases of the
procurement because it believed they were the best-qualified people with the greatest interest in
ensuring that the most qualified contractor was selected. DOA confined the bidders lists to the firms
suggested by DIRM in its request to DOA for acquisition services. ACSB officials advised that they
permitted a departure from the three-member panels, as required by the APM, to one-member TEPs for
procurements from GSA’s MAS schedules.
However, it was up to the ACSB contract specialist’s
discretion to require a TEP of more than one.

Basic internal control principles provide that key duties and responsibilities need to be divided or
segregated among different people to reduce the risk of error or fraud. No one individual should
control all key aspects of a transaction or event. Accordingly, incompatible duties in the contracting
process should be separated to better ensure that proposals are evaluated in a fair and consistent
manner. Responsibility for developing evaluation criteria, determining the firms solicited, conducting
the evaluation process, and overseeing and administering contracts should not be vested in the same
person to reduce opportunities for or the appearance of conflicts of interest.

The FDIC’s APM defines the roles and responsibilities for ACSB and program offices during the
procurement process. ACSB has overall responsibility for contract administration, which includes
coordination of the activities of all persons involved in the contracting process. ACSB is also
responsible for selecting the firms solicited, and ensuring adequate competition and fair and consistent
treatment of all firms solicited. In addition, ACSB is responsible for evaluating proposals to ensure the
selection of the firm offering the best value to FDIC. Program offices, such as DIRM, are responsible
for initiating requirements, developing SOWs, preparing FDIC cost estimates, and submitting
requirement packages to ACSB. The program office also can play a role in the selection and evaluation
process to ensure that the contractor selected is capable of meeting the needs of the FDIC.

While it is appropriate for DIRM to provide input in the solicitation, evaluation, and award processes,
more effective controls are needed on large complex procurements to ensure that there is adequate
separation of responsibility.
Improved controls will also help to ensure there is not the appearance of or
potential for a conflict of interest.

ACSB could enhance controls relating to separation of responsibilities for large DIRM MAS
procurements by expanding the scope of its own policy governing when to use source selection
procedures. The APM requires use of source selection procedures for any projected contract award of
$100,000 or greater and for commercial goods greater than $5 million when formal competitive
contracting procedures are followed. However, at the time of our review, source selection procedures
were not required for procurements made under simplified procurement procedures, regardless of the
dollar value, including MAS procurements.

Source selection procedures contained in the APM require the preparation of a Source Selection Plan
(SSP). The SSP provides guidelines and a control mechanism for conducting the proposal evaluation
and selection process. The APM states that the SSP contents can include the identity of a Source
Selection Official (SSO), when the decision is made to establish such a position for an individual
procurement. The SSO’s responsibility is to approve the SSP, ensure that the proposal evaluation
process is conducted fairly, and to confirm the award recommendation made by the contracting officer.

Recommendations

We recommend the Directors, DIRM and DOA:

(10)   Take steps to expand the use of source selection procedures to include large IT MAS service
       contracts.
       Specifically, measures should be put in place that provide for the use of a source
       selection official on large DIRM service contracts.

We recommend the Director, DOA:

(11)   Ensure that TEPs are comprised of at least three members for large procurements of IT services
       using MAS contracts when the estimated award value exceeds the maximum order threshold of
       the MAS contract.


CORPORATION COMMENTS AND OIG EVALUATION

On September 13, 1999, the Directors, DIRM and DOA, provided a written response to the draft report.
The response is presented in Appendix I of this report. Management agreed with all of the report's
recommendations. A summary of management’s responses to the recommendations contained in this
report follows.

Management agreed with recommendation 1 and stated that a new SOW, emphasizing the use of task
assignment (TA) documents, is now required for all future DIRM contracts, TAs will be reviewed by
ACSB, and TAs will become part of the contract file. Management also stated that DIRM and DOA
will provide additional training to OMs. Finally, DOA stated it would modify the APM to incorporate
the use of TAs in FDIC contracts.

Management agreed with recommendations 2 and 3 and indicated that DOA would incorporate
additional guidance in the APM to clarify the policy involving modifications that increase contract
values. We continue to believe that DOA needs formal policies to ensure that modifications that
increase the value of a contract are appropriately identified and approved.
In addition, management
indicated that ACSB’s Quality Assurance Unit would track future expenditures and ensure that
necessary notifications were made when the expenditure authority granted through Board cases was
exceeded.

The Director, DOA, agreed with recommendations 4 and 5 and stated that DOA’s Quality Assurance
Unit had been assigned the responsibility to review weekly POS reports to ensure ACSB compliance
with current policy. The Director also stated that the DOA Quality Assurance Unit would also be
responsible for monitoring the accuracy of ACSB's assignment of product service codes.

Regarding recommendation 6, management stated it had implemented a new process for conducting
background investigations, effective July 1999. Management also indicated that changes in the
background investigation process would be incorporated in an upcoming APM revision.

DOA’s initial response to recommendation 7 indicated that DOA did not believe it necessary to increase
the number of firms solicited to more than three for large contracts using GSA’s multiple award
schedule contracts. DOA’s September 13, 1999 response also did not address the audit concern that
DOA relied excessively on DIRM to identify firms solicited for most of the large contracts we reviewed.
However, in subsequent discussions, DOA officials indicated that in contracts issued over the past 12
months, DOA has generally solicited 6 to 8 firms for contracts that exceed the maximum order
threshold for GSA schedule contracts. DOA also indicated that it now meets with DIRM prior to
DIRM’s submission of requests for procurement services.
DOA management stated that during the
pre-solicitation meetings with the program office, DOA participates in preparation of the bidders list.

Regarding recommendation 8, DOA management agreed with our recommendation and stated that it
would collaborate with DIRM and establish a minimum timeframe for vendors to respond to FDIC
solicitations.

DOA also agreed with recommendation 9 and stated that in February 1999 ACSB discontinued its
practice of permitting the distribution of bidders lists. Additionally, DOA responded that dialog with
ODEO has been ongoing to find new methods of stimulating MWOB participation in the procurement
process.

The Directors, DOA and DIRM, stated that they agreed with recommendation 10 and that they would
expand the use of the source selection process to include large IT multiple award schedule service
contracts. Regarding recommendation 11, the Director DOA stated she would also instruct COs and
ACSB staff to convene 3-member TEPs for all MAS contracts that exceed the maximum order
limitation.

The Corporation’s response to the draft report provides the elements necessary for management
decisions on each of the report’s recommendations. Accordingly, no further response to this report is
required.


APPENDIX I

CORPORATION COMMENTS

Federal Deposit Insurance Corporation
550 17th Street, NW, Washington, DC 20429

DATE:             September 13, 1999

MEMORANDUM TO:    Steven A. Switzer
                  Deputy Inspector General

FROM:             Donald C. Demitros
                  Director, Division of Information Resources Management

                  Arleas Upton Kea
                  Director, Division of Administration

SUBJECT:          MANAGEMENT DECISION
                  Draft Report Entitled Audit of the Award and Administration of DIRM
                  Service Contracts, Audit No. 97-910 dated July 30, 1999

The Division of Information Resources Management (DIRM) and the Division of Administration’s (DOA)
Acquisition and Corporate Services Branch (ACSB) have completed an evaluation of the Office of
Inspector General (OIG) Draft Report No. 97-910 entitled “Audit of the Award and Administration of
DIRM Service Contracts.”

The primary objectives of this audit were to determine whether (1) DIRM service contracts were executed
in accordance with FDIC policies and procedures, (2) internal controls were designed to ensure that FDIC
satisfied its requirements cost effectively, and (3) administrative controls were designed to ensure that
contractor billings were properly supported and within the scope of the contract. The audit covered the
period from March 1997 to April 1998. The OIG reported 11 recommendations dealing with contract
policy and procedural issues. There were no questioned costs.

Our management decision is presented in two parts: the Executive Summary and the Management
Decision detail. Our evaluation addresses the 9 audit findings and 11 recommendations presented in the
report. Based on our preliminary review, corrective actions are required for all recommendations.
Exhibit
A summarizes the expected completion dates and the documentation that will confirm completion of the
corrective actions.

If you have any questions concerning the management responses, please contact Mary Rann, Chief,
Financial Review Group, at (202) 942-3287.

EXECUTIVE SUMMARY

The following table presents an overview of the management decision. A more comprehensive summary of
the decision that details specific areas of agreement or disagreement with each finding and describes
necessary corrective actions, including milestone dates, is attached as Exhibit A.

| Finding No. | Finding Description | Questioned Cost | Proposed Management Decision | Amount Disallowed | Amount Allowed |
|-------------|---------------------|-----------------|------------------------------|-------------------|----------------|
| 1 | Contract statements of work and task assignments are not specific enough in defining contractor work requirements and deliverables. | -0- | Agree | N/A | N/A |
| 2 | Some contract modifications exceeded the 25 percent contract value permitted by ACSB policy guidelines. | -0- | Partially Agree | N/A | N/A |
| 3 | ACSB lacks a formal mechanism for tracking contract awards to ensure proper notifications and approvals are obtained when a contract total exceeds the original approved expenditure authority. | -0- | Agree | N/A | N/A |
| 4 | Closed contracts were not recorded timely in the Purchase Order System (POS). There were also several contracts incorrectly classified in POS. | -0- | Agree | N/A | N/A |
| 5 | Contractor personnel were working in FDIC facilities without the required background investigations. | -0- | Agree | N/A | N/A |
| 6 | FDIC did not use multiple sources to prepare solicitation lists for DIRM contracts as required by ACSB policy. | -0- | Partially Agree | N/A | N/A |
| 7 | Many contract solicitations did not allow a reasonable amount of time for companies to respond. | -0- | Agree | N/A | N/A |
| 8 | ACSB policy permitting disclosure of companies on the solicitation list can reduce competition and increase chances that companies might engage in practices that are not in the government’s best interests. | -0- | Agree | N/A | N/A |
| 9 | Many DIRM service contracts had too much participation and influence by a single program person for technical evaluation as well as contract solicitation, award, and administration. | -0- | Agree | N/A | N/A |
| TOTAL | | -0- | | N/A | N/A |

The nine audit findings summarized in the table above contain no questioned costs.

MANAGEMENT DECISION

Reviewing the overall results of your audit, we are pleased that you found the Corporation executed all 19
contracts you reviewed in accordance with FDIC policies and procedures, and in the case of the large,
complex information technology (IT) multiple award schedule (MAS) contracts, that the Corporation
exceeded procurement requirements of
other federal agencies. With respect to controls over contractor
billings, we acknowledge your finding for the same 19 contracts that invoices were properly supported and
services were within the scope of the contract.

Following is a summary of the findings in your report and a consolidated DIRM/DOA management
decision describing corrective action that addresses each of your recommendations.

FINDING #1: Statements of Work and Task Assignments Not Specific

RECOMMENDATION: The OIG recommends that the Directors, DIRM and DOA improve the
statement of work (SOW) sections in DIRM service contracts and requirements definition in task
assignments to more clearly and concisely define contract deliverables, including timeframes for delivery,
resources required for completion, and priorities prior to contract award or task assignment issuance.

BACKGROUND: The OIG found that FDIC did not adequately define its requirements or deliverables
for 13 of the 19 contracts it reviewed. In 11 of these contracts, there was a requirement to use task
assignments to further define its needs, but FDIC actually used them in only two of the contracts. The
SOWs generally did not identify the systems to be addressed, describe the deliverables, or provide specifics
regarding priorities or timeframes. The OIG concluded that FDIC is unable to measure contractor
performance because of the poorly defined requirements and status reports that did not contain specific
accomplishments.

MANAGEMENT RESPONSE: We agree with the finding and recommendation.

DIRM has initiated several important actions that address the OIG concerns regarding the SOW
and task assignment contracts (TA), and in concert with DOA, DIRM has taken additional actions
that will improve overall contract oversight. DIRM issued a revised SOW shell document on
March 29, 1999.
This new document incorporates all the steps involved in the development of an
IT system; and it includes the specific required tasks the contractor must perform during each
phase. This new SOW, approved by ACSB, will be used for all future DIRM contract
requirements and will emphasize the use of task assignment documents to better define such
things as deliverables, completion schedules, and estimated labor charges. For future DIRM
contracts, the signed TAs will be forwarded to ACSB where they will become part of the official
contract file.

DIRM contractors are required to submit monthly status reports. These reports have been
modified to conform with the improved SOW requirements. Use of the revised status reports,
combined with the task assignment documents, will enable the oversight manager (OM) to better
monitor contractor progress and measure performance for assigned tasks.

In addition to the improvements in the SOW and TAs, ACSB and DIRM have combined to take
additional actions to strengthen oversight and administration of DIRM contractors. Beginning in
June 1999, the Divisions began training OMs in these changes and improvements. The Divisions
conducted a seminar, attended by all OMs, that covered lessons learned, problems to avoid, and
other DIRM-related contract administration issues. To communicate the recent contract changes,
the Divisions developed a training course required for all OMs, that is scheduled to begin in
September 1999.
This course will provide additional instruction on SOW preparation and the use
of task assignment contracts.

Lastly, ACSB will modify the Acquisition Policy Manual (APM) to establish corporation-level
procedures for using TAs as a method for acquiring goods and/or services under FDIC contracts.

FINDING #2: Contract Modifications Exceeded Amounts Permitted by ACSB Policy

RECOMMENDATION: The OIG recommends that the Director, DOA amend the APM to include
policies and procedures that provide more detailed guidance regarding limitations over contract
modifications that increase the value of a contract.

BACKGROUND: The OIG found that of the 291 open DIRM contracts, five (5) contained modifications
that increased the cumulative cost of the contract after award in a range from 29 to 206 percent. These
exceeded the existing informal ACSB policy limiting such increases to 25 percent. Based on these results,
the OIG concluded that regarding DOA compliance with the informal policy, ACSB was not consistent in
approving contract modifications. The OIG goes further to suggest that controls were not adequate to
prevent these large increases in budget authorizations; and inadequate controls result in non-competitive
purchases that may not be the best value for the Corporation.

MANAGEMENT RESPONSE: We agree with the recommendation.

Management agrees with the criteria asserted by the OIG stating that modifications that increase
the value of contracts should be used judiciously and controls should be in place to limit
significant increases in value of contracts after they are awarded.
From the 291 DIRM contracts
reviewed in the audit, we examined the five contract modifications that led OIG to the conclusion
that DOA was inconsistent and somewhat less than judicious in its approval of price
modifications, and that controls were not adequate in this approval process.

Two contracts (95-01218 and 95-02749) were awarded prior to the Acquisition Policy Manual
(APM) and the Expenditure Delegations. Under these two contracts, the modifications in
question were for pre-established option exercises. The earlier acquisition rules permitted budget
authorization approvals using modifications at the time a contract option was exercised. In one
example cited by OIG, the approved authorization of contract 95-02749 was $215,000, the first
year budget for the contract, as pointed out by the OIG. However, this was not the amount
estimated or budgeted by FDIC to complete the work under this contract. In fact, the price
schedule in the original contract contained budgeted costs for two one-year option periods, that
included an additional $204,487 in fixed price fees and fully burdened hourly rates for four
different contractor employee categories for all three years of the contract. The OIG is correct
that $444,487 in budget authorizations for the second and third years of the contract was not
officially approved until the contract options and modifications were exercised. However, those
costs were anticipated in the original contract; and the modifications did not change the scope of
work or the original cost estimates in the magnitude suggested in the OIG report. It is important
to note that DOA complied fully with the existing acquisition policies for both these contracts.

The remaining three contracts involved increases that exceeded 25 percent of the original
approved cost.
We found evidence documented in the contract files that (a) requests were
submitted along with justification from the program office for the proposed contract
modifications, (b) the requests were reviewed by ACSB, and (c) management approved the
requested contract modifications.

Review of the five contracts cited in the report led DOA management to conclude that
modifications that result in substantial increases in contract values are not entered into lightly.
That is evidenced by OIG results showing only one percent (3 of 291) of the contracts involved
price increases that exceeded 25 percent of the original contract value. In these three rare cases,
the requests for increased funding were scrutinized by ACSB before approval; and when ACSB
decided that a pricing modification would be in the best interests of the Corporation, each case
was approved by an official with the appropriate delegated authority. In fact, the modification for
contract 97-00544 was approved by the ACSB Associate Director, as well as the Corporation’s
Chief Financial Officer and Chief Operating Officer--evidence that internal controls to prevent
unwarranted procurements were in place and functioning as intended.

Therefore, management disagrees with the OIG conclusions, but finds merit in its recommendation.
DOA
will provide additional guidance in the APM to clarify the policy related to modifications that increase
contract values.

FINDING #3: ACSB Lacks Formal Mechanism for Tracking Contract Awards

RECOMMENDATION: The OIG recommends that the Director, DOA develop the ability to monitor
expenditure authority through the Purchase Order System (POS) to ensure that proper notifications are
made and approvals obtained when the value of contracts vary from the limits established in FDIC’s APM.

BACKGROUND: The OIG identified a March 1998 contract approved by the Board of Directors, in
which ACSB exercised contract options that exceeded the original budget without notifying the Board or
obtaining its approval. On the basis of this case, the OIG concluded that ACSB did not have adequate
controls in place to track the status of Board case expenditures. These control weaknesses cannot ensure
that differences between actual awards and Board-approved budgets are identified, and that proper
notifications are made to the Board when any increases in contract authorizations occur.

MANAGEMENT RESPONSE: We agree with the finding and recommendation. POS currently allows
Contracting Officers to enter and track approved expenditure authorization against total dollars awarded
under contracts. The APM has current policy in place which requires notification on high dollar awards
when the contract amount is under or over (by established percentage) the approved expenditure amount. In
support of this policy, ACSB established an internal Quality Assurance Unit that assists the contracting
officers with monitoring expenditure authority requirements required by Board cases to ensure that
expenditure authority is not exceeded without providing the required notification.
ACSB will establish
internal procedures to ensure that all Cases (when required) will be provided to the Quality Assurance Unit
to track expenditures and ensure that proper and timely notifications are made.

FINDING #4: Contracts Were Not Timely or Correctly Recorded in POS

RECOMMENDATIONS: The OIG recommends that the Director, DOA (4a) ensure that expired
contracts are closed out in POS in a more timely manner, and (4b) implement manual or automated
controls that limit the use of a product service code to either a contract for goods or for services.

BACKGROUND: The OIG found 33 of 338 DIRM service contracts being reported as
open even though they had expired at least six months earlier. They also noted that five DIRM service
contracts, totaling $7.1 million, were incorrectly classified in POS as contracts for goods.

MANAGEMENT RESPONSE: We agree with the finding and recommendations.

As a general rule, DOA keeps contracts open 90 days beyond the expiration date to permit FDIC
and the contractor sufficient time to make payment on final invoices, complete delivery on
outstanding orders, and resolve any other audit or contract issues. In order to ensure that
contracts are properly and timely closed out, ACSB created a Quality Assurance Unit assigned
the responsibility of reviewing weekly POS reports to ensure DOA adherence to the 90-day
timeframe.

DOA uses product service codes (PSC) to fulfill reporting requirements in and outside the
Corporation; and we recognize that this information should be as accurate as possible. Therefore,
based on the OIG finding, ACSB Unit Chiefs (Acquisition Section) will implement a manual
review of all PSCs prior to the execution of a contract.
In addition, the Quality Assurance Unit
will be responsible for routinely checking the accuracy of this process.

FINDING #5: Contractor Personnel Working Without Required Background Investigations

RECOMMENDATION: The OIG recommends that the Director, DOA ensure that all DIRM service
contractor employees have background investigations completed in a timely manner.

BACKGROUND: The OIG reported that 1,542 of the 2,390 (65 percent) contractor employees who had
access to FDIC facilities did not have completed background investigations (BI) as required by FDIC
policy and governing regulations. In addition, 51 of 88 (58 percent) of contractor employees for 12 DIRM
service contractors and 2 subcontractors did not have the required background investigation.

MANAGEMENT RESPONSE: We agree with the finding and recommendation. ACSB has
implemented a new BI process that will satisfy the OIG’s concerns in this area. This involves tightening
and clarifying the BI policies and procedures (including standard contracting documents) and in
headquarters, using the Policy and Training Unit to act as intermediary and the Quality Assurance Group
to ensure that BIs are requested by the Contracting Officer and are provided to the Security Services Unit
to conduct the review. Tracking and suspense systems are in place and this new process was operational in
July, 1999. The new BI process will be incorporated in an APM revision. In the future, DOA will ensure
that BIs are performed for all contractors that have either direct or remote access to FDIC facilities or
information systems.
Also, the OIG initiated an audit survey of these tracking and suspense systems in
September 1999, that will evaluate the effectiveness of the new BI policies.

FINDING #6: Multiple Sources Not Used to Prepare Solicitation Lists

RECOMMENDATION: The OIG recommends that the Director, DOA ensure that policy contained in
the APM relating to preparation of solicitation lists is followed more effectively and that the National
Contractor System (NCS) and the Contractor Performance Management System (CPMS) are used to
augment the sources suggested by the requesting program office.

BACKGROUND: The OIG found that in 8 of the 19 contracts reviewed, FDIC solicited four or fewer
vendors. Furthermore, from a total of 28 solicitations in the 8 procurements, only 15 firms submitted bids;
and in 4 of the 8 contracts, FDIC received only one proposal. Also, OIG noted that in 12 of 16 multiple
solicitation procurements, ACSB relied exclusively on the list provided by DIRM.

The OIG suggests that there are too few vendors being solicited. Other sources such as the Office of Equal
Opportunity, the NCS, the Commerce Business Daily, and FDIC's CPMS are not being used to
identify potential contractors, as provided for in the APM.

MANAGEMENT RESPONSE: We partially agree with the finding and recommendation.

The OIG correctly points out that the APM suggests that the contracting officer may use a variety of
sources to identify potential vendors for inclusion on a solicitation list. We agree that the CO should give
serious consideration to the use of other sources when FDIC uses a formal contracting process. However,
that is not the case when the procurement is through the Federal Supply Schedule (FSS).

The General Services Administration (GSA) developed the FSS to simplify the purchasing process for
commonly used goods and services in the federal government.
Vendors on the schedule are already
considered technically qualified to perform, and the GSA pricing is universally accepted to be competitively
fair and reasonable. Therefore, under the FSS, soliciting a large number of firms will not provide an
incremental benefit related to contractor qualifications or price. Seventeen of the 20 current DIRM service
contracts over $1 million were FSS procurements. ACSB adopted, with Policy Memorandum 97-017,
dated November 13, 1997, the GSA policy covering large awards under an FSS contract such as those
sampled in the OIG audit. That policy requires DOA to solicit no fewer than three FSS contractors
offering the required product or service; and DOA has complied fully with that policy.

To the extent the OIG recommendation refers to non-GSA purchases, Management agrees and will
continue to emphasize to contracting officers (CO) the importance of using all available sources when
developing a solicitation list to maximize competition for FDIC contracts. DIRM and DOA are applying
marketing research analysis to help locate additional firms that have the skills to meet some of the unique
requirements of the Corporation. Management is scheduling presentations by companies interested in IT
contracting, and those meeting FDIC requirements are added to the NCS.
This expansion of prospective
contractors includes coordination with FDIC’s Office of Diversity and Economic Opportunity (ODEO) to
ensure there is a large pool of qualified minority and woman-owned business (MWOB) firms available that
meet FDIC requirements.

FINDING #7: Contract Solicitations Do Not Allow Sufficient Time To Respond

RECOMMENDATION: The OIG recommends that the Director, DOA establish a minimum timeframe
for bid preparation on large, complex MAS procurements and ensure that ACSB monitors the adequacy of
responses obtained and adjusts the minimum timeframe as necessary.

BACKGROUND: The OIG reported that 11 of the 16 contracts competitively bid allowed less than 20
days for vendors to respond to a solicitation, a practice that does not, in their opinion, foster competition.

MANAGEMENT RESPONSE: We agree with the finding and recommendation.

DOA has conducted most of its large IT service procurements against the GSA schedule.
Companies listed on the schedule have already demonstrated their technical abilities to provide IT
services. Because of this, FDIC requires less information from bidders than would be necessary
under formal competitive procedures; and the capable firms solicited generally require less time to
evaluate the FDIC requirements and submit proposals. We note that 10 of the 11 contracts
allowing fewer than 20 days for response identified by the OIG were GSA procurements.

Based on prior experience, DOA considers 14 days sufficient response time in most GSA
procurements, and has set that as an informal benchmark.
The responsible CO reviews all large
IT procurements and may adjust the timeframe depending on the complexity of the Corporation’s
requirements.

When DOA allowed at least 14 days to respond, more than 48 percent of the firms in the OIG
sample, solicited under the GSA schedule, submitted proposals--a response rate that exceeds the
government-wide average. However, that rate drops sharply to only 23 percent when DOA
allowed less than 12 days for firms to respond. Based on these results, management
acknowledges OIG’s concern regarding the need for a minimum time to respond to our contract
solicitations.

DOA will confer with DIRM management and will establish a minimum timeframe that will better
enable vendors to respond to FDIC contract solicitations while recognizing the CO responsibility
to weigh the complexity of contract requirements against the critical IT needs of the Corporation.

FINDING #8: Disclosing Solicitation Lists Can Reduce Competition and Increase Risk to the
Corporation

RECOMMENDATION: The OIG recommends that the Director, DOA explore with ODEO, alternative
methods of encouraging MWOB firms to participate in FDIC procurements and amend the APM to
discontinue the practice of releasing bidder lists for future competitive procurements.

BACKGROUND: The OIG found that in three instances, FDIC provided bidder lists to other solicited
firms when requested. OIG believes this practice restricts competition and creates an environment that is
not in the best interests of the Corporation.

MANAGEMENT RESPONSE: We agree with the finding and recommendation. The APM prohibits
distribution of bidder lists. Notwithstanding this prohibition, ACSB waived the policy for about nine
months beginning June 1998.
The purpose of the waiver was to allow dissemination of bidder information
to minority and woman-owned businesses (MWOB), to permit them an opportunity to offer their services
to other prospective offerors as potential subcontractors. The waiver was removed in February 1999,
reinstating the existing policy.

DOA remains committed to working with ODEO to stimulate MWOB and Small Disadvantaged Business
(SDB) participation in the FDIC procurement process. ACSB will provide the solicitation distribution list
to ODEO and will modify the RFP document to instruct potential offerors and subcontractors to contact
ODEO who will act as a clearinghouse for subcontracting opportunities and subcontractors for forming
teams with prospective offerors on FDIC procurements. ACSB will monitor this process to ensure it is
sufficiently generating subcontracting opportunities for SDBs and MWOBs.

FINDING #9: Too Much DIRM Participation and Influence Over Contract Solicitation, Award,
and Administration

RECOMMENDATIONS: The OIG recommends that the Directors, DIRM and DOA (9a) take steps to
expand the use of source selection procedures to include large IT MAS service contracts. Specifically,
measures should be put in place that provide for the use of a source selection official on large DIRM
service contracts. The OIG also recommends that the Director, DOA (9b) ensure that TEPs are comprised
of at least three members for large procurements of IT services using MAS contracts when the estimated
award value exceeds the maximum order threshold of the MAS contract.

BACKGROUND: The OIG reported that the program office was involved in the solicitation, award, and
administration phases of the contracting process, objecting that this violates the basic tenet of internal
controls--separation of responsibilities. The OIG faults the program office OMs for being too active in the
evaluation of prospective contractors.
Specifically, for 12 of 14 contracts involving multiple proposals, the
DIRM oversight manager or technical monitor chaired the Technical Evaluation Panel (TEP). The OM
also prepared an evaluation in four of these contracts. In addition, ACSB permitted the DIRM OM or
Technical Monitor to serve as a one-member TEP in four of the contracts reviewed.

MANAGEMENT RESPONSE: We agree with the finding and recommendations.

DOA and DIRM have used source selection officials for large, highly visible contracts to ensure the best
contractor was chosen to support the Corporation’s requirements. Management agrees with expanding the
use of the source selection process to include larger IT multiple award schedule (MAS) service contracts.

Currently, the APM provides for this process only at the request of the client program office. The APM
will be modified to better clarify the role and process for using a Source Selection Official (SSO). In
addition, ACSB will explore the advantages and/or necessity of requiring SSOs for all large dollar value
contracts in the future.

DOA also agrees with the OIG recommendation regarding the technical evaluation panel (TEP).
Management will instruct all COs and ACSB staff to convene 3-member TEPs for all MAS contracts that
exceed the Maximum Order Threshold.

cc:     Deborah Reilly
        Janet Roberson
        Scott Miller
        Mary Rann
        Andrew Nickle
        Rack Campbell
        Richard Johnson

EXHIBIT A

DIV. OF INFORMATION RESOURCES MANAGEMENT / DIV. OF ADMINISTRATION

SUMMARY OF MANAGEMENT DECISION

NO. 1
FINDING DESCRIPTION: Contract statements of work and task assignments are not specific enough in
defining contractor work requirements and deliverables.
QUESTIONED COST: -0-
AMOUNT DISALLOWED: -0-
EXPECTED COMPLETION DATE: Final Management Decision + 120 days
DOCUMENT VERIFYING COMPLETION: New SOW / Training Plan / APM Revision
DESCRIPTION OF CORRECTIVE ACTION: Management agreed with the finding and recommendation.
A new SOW, emphasizing the use of task assignment (TA) documents, is currently required for all
future DIRM contracts; and the TAs will be reviewed by ACSB and become part of the contract file.
DIRM and DOA will provide additional training to OMs. Also, ACSB will modify the APM to
incorporate the use of TAs in FDIC contracts.

NO. 2
FINDING DESCRIPTION: Some contract modifications exceeded the 25 percent contract value permitted
by ACSB policy guidelines.
QUESTIONED COST: -0-
AMOUNT DISALLOWED: -0-
EXPECTED COMPLETION DATE: Final Management Decision + 120 days
DOCUMENT VERIFYING COMPLETION: APM Revision
DESCRIPTION OF CORRECTIVE ACTION: Management did not agree with the conclusion, but agreed with
the recommendation.
ACSB will incorporate additional guidance in the APM to clarify the policy involving modifications
that increase contract values.

NO. 3
FINDING DESCRIPTION: ACSB lacks a formal mechanism for tracking contract awards to ensure proper
notifications and approvals are obtained when a contract total exceeds the original approved
expenditure authority.
QUESTIONED COST: -0-
AMOUNT DISALLOWED: -0-
EXPECTED COMPLETION DATE: Final Management Decision + 60 days
DOCUMENT VERIFYING COMPLETION: ACSB Memorandum
DESCRIPTION OF CORRECTIVE ACTION: Management agreed with the finding and recommendation.
ACSB’s Quality Assurance Unit will track future expenditures and ensure that necessary
notifications are made.

NO. 4
FINDING DESCRIPTION: Closed contracts were not recorded timely in the Purchase Order System (POS).
There were also several contracts incorrectly classified in POS.
QUESTIONED COST: -0-
AMOUNT DISALLOWED: -0-
EXPECTED COMPLETION DATE: Final Management Decision + 90 days
DOCUMENT VERIFYING COMPLETION: ACSB Memorandum
DESCRIPTION OF CORRECTIVE ACTION: Management agreed with the finding and recommendations.
4a. DOA Quality Assurance Unit has been assigned the responsibility to review weekly POS reports
to ensure ACSB compliance with current policy.
4b. Quality Assurance will also be responsible for monitoring the accuracy of ACSB's assignment
of PSCs.

NO. 5
FINDING DESCRIPTION: Contractor personnel were working in FDIC facilities without the required
background investigations.
QUESTIONED COST: -0-
AMOUNT DISALLOWED: -0-
EXPECTED COMPLETION DATE: Final Management Decision + 120 days
DOCUMENT VERIFYING COMPLETION: APM Revision
DESCRIPTION OF CORRECTIVE ACTION: Management agreed with the finding and recommendation.
ACSB implemented a new process for conducting background investigations effective July 1999.
Changes in this process will be incorporated in an upcoming APM revision.

NO. 6
FINDING DESCRIPTION: FDIC did not use multiple sources to prepare solicitation lists for DIRM
contracts as required by ACSB policy.
QUESTIONED COST: -0-
AMOUNT DISALLOWED: -0-
EXPECTED COMPLETION DATE: Final Management Decision + 90 days
DOCUMENT VERIFYING COMPLETION: ACSB Memorandum / Marketing research results
DESCRIPTION OF CORRECTIVE ACTION: Management agreed with the finding and recommendation to the
extent that it applies to non-FSS procurements.
Management will continue to emphasize to COs the importance of using all available sources when
developing a solicitation list. In addition, newly applied marketing research will be used to
expand the number of firms on NCS.

NO. 7
FINDING DESCRIPTION: Many contract solicitations did not allow a reasonable amount of time for
companies to respond.
QUESTIONED COST: -0-
AMOUNT DISALLOWED: -0-
EXPECTED COMPLETION DATE: Final Management Decision + 120 days
DOCUMENT VERIFYING COMPLETION: APM Revision or ACSB Memorandum
DESCRIPTION OF CORRECTIVE ACTION: Management agreed with the finding and recommendation.
DOA will collaborate with DIRM and establish a minimum timeframe for vendors to respond to FDIC
solicitations.

NO. 8
FINDING DESCRIPTION: ACSB policy permitting disclosure of companies on the solicitation list can
reduce competition and increase chances that companies might engage in practices that are not in
the government’s best interests.
QUESTIONED COST: -0-
AMOUNT DISALLOWED: -0-
EXPECTED COMPLETION DATE: Final Management Decision + 120 days
DOCUMENT VERIFYING COMPLETION: Revised RFP / ACSB Memorandum
DESCRIPTION OF CORRECTIVE ACTION: Management agreed with the finding and recommendation.
In February 1999, ACSB discontinued its temporary waiver of APM allowing the distribution of
bidder lists. Dialog with ODEO has been ongoing to find new methods of stimulating MWOB
participation in the procurement process.

NO. 9
FINDING DESCRIPTION: Many DIRM service contracts had too much participation and influence by a
single program person for technical evaluation as well as contract solicitation, award, and
administration.
QUESTIONED COST: -0-
AMOUNT DISALLOWED: -0-
EXPECTED COMPLETION DATE: Final Management Decision +
DOCUMENT VERIFYING COMPLETION: 9a. APM Revision / 9b. ACSB
DESCRIPTION OF CORRECTIVE ACTION: Management agreed with the finding and recommendation.
9a. Management will expand the use of the source selection process to include large IT multiple
award schedule service contracts.
9b.
Management will also instruct COs and ACSB staff tp           120 days     Memorandum\n                                                                           convene 3-member TEPs for all MAS contracts that exceed\n                                                                           the maximum order limitation.\n\n\n                Totals                                 -0-           -0-\n\n\n\n\n                                                                              30\n\x0c                                                                                                                                                         APPENDIX II\n                                                     MANAGEMENT RESPONSES TO RECOMMENDATIONS\n\nThe Inspector General Act of 1978, as amended, requires the OIG to report on the status of management decisions on its recommendations in its semiannual reports to the\nCongress. To consider FDIC\xe2\x80\x99s responses as management decisions in accordance with the act and related guidance, several conditions are necessary. First, the response must\ndescribe for each recommendation\n\n     \xe2\x80\xa2 the specific corrective actions already taken, if applicable;\n\n     \xe2\x80\xa2 corrective actions to be taken together with the expected completion dates for their implementation; and\n\n     \xe2\x80\xa2 documentation that will confirm completion of corrective actions.\n\nIf any recommendation identifies specific monetary benefits, FDIC management must state the amount agreed or disagreed with and the reasons for any disagreement. 
In the case of questioned costs, the amount FDIC plans to disallow must be included in management’s response.

If management does not agree that a recommendation should be implemented, it must describe why the recommendation is not considered valid.

Second, the OIG must determine that management’s descriptions of (1) the course of action already taken or proposed and (2) the documentation confirming completion of corrective actions are responsive to its recommendations.

This table presents the management responses that have been made on recommendations in our report and the status of management decisions. The information for management decisions is based on management's written response to our report and subsequent discussions with management representatives.


                                                                                             Expected    Documentation That               Management
 Rec.                                                                                        Completion  Will Confirm Final    Monetary   Decision:
Number   Corrective Action: Taken or Planned / Status                                        Date        Action                Benefits   Yes or No

  1      Management agreed with the finding and recommendation.                              1/13/00     New SOW;              N/A        Yes
         A new SOW, emphasizing the use of task assignment (TA) documents, is                            Training
         currently required for all future DIRM contracts; and the TAs will be reviewed by               Plan;
         ACSB and become part of the contract file. DIRM and DOA will provide                            APM Revision
         additional training to OMs. Also, ACSB will modify the APM to incorporate
         the use of TAs in FDIC contracts.

  2      Management did not agree with the conclusion, but agreed with the                   1/13/00     APM                   N/A        Yes
         recommendation.                                                                                 Revision
         ASB will incorporate additional guidance in the APM to clarify the policy
         involving modifications that increase contract values.

  3      Management agreed with the finding and recommendation.                              11/15/99    ACSB Memorandum       N/A        Yes
         ACSB’s Quality Assurance Unit will track future expenditures and ensure
         that necessary notifications are made.

  4      Management agreed with the finding and recommendation.                              12/13/99    ACSB Memorandum       N/A        Yes
         DOA Quality Assurance Unit has been assigned the responsibility to
         review weekly POS reports to ensure ACSB compliance with current
         policy.

  5      Management agreed with the finding and recommendation.                              12/13/99    ACSB Memorandum       N/A        Yes
         Quality Assurance will also be responsible for monitoring the accuracy of
         ACSB's assignment of PSCs.

  6      Management agreed with the finding and recommendation to the extent that            1/13/00     ACSB Memorandum       N/A        Yes
         it applies to non-FSS procurements.                                                             and
         Management will continue to emphasize to COs the importance of using all                        Marketing research
         available sources when developing a solicitation list. In addition, newly                       results
         applied marketing research will be used to expand the number of firms on
         NCS.

  7      Management agreed with the finding and recommendation.                              12/13/99    ACSB Memorandum       N/A        Yes
         Management will continue to emphasize to COs the importance of using all                        Plus Marketing
         available sources when developing a solicitation list. In addition, newly applied               research results
         marketing research will be used to expand the number of firms on NCS. In
         addition COs meet with program office officials and assist in the preparation of
         the bidder list. For requirements exceeding the maximum order threshold on
         GSA Schedule contracts, DOA indicated in discussions with them subsequent to
         receipt of their response to the draft report, that they reviewed GSA procurements
         over the past year and found they generally ensure that at least 5 – 8 firms are
         solicited.

  8      Management agreed with the finding and recommendation.                              1/13/00     Revised               N/A        Yes
         In February 1999, ACSB discontinued its temporary waiver of APM                                 RFP and
         allowing the distribution of bidder lists. Dialog with ODEO has been                            ACSB
         ongoing to find new methods of stimulating MWOB participation in the                            Memorandum
         procurement process.

  9      Management agreed with the finding and recommendation.                              1/13/00     Revised               N/A        Yes
         In February 1999, ACSB discontinued its temporary waiver of APM                                 RFP and
         allowing the distribution of bidder lists. Dialog with ODEO has been                            ACSB
         ongoing to find new methods of stimulating MWOB participation in the                            Memorandum
         procurement process.

  10     Management agreed with the finding and recommendation.                              1/13/00     APM Revision          N/A        Yes
         Management will expand the use of the source selection process to include
         large IT multiple award schedule service contracts.

  11     Management agreed with the finding and recommendation.                              1/13/00     ACSB Memorandum       N/A        Yes
         Management will also instruct COs and ACSB staff to convene 3-member
         TEPs for all MAS contracts that exceed the maximum order limitation.